#JWT

I'm getting this error, how do I grab and set my key?

/29/2025, 11:59:49 PM [CONVEX M(auth:store)] Uncaught Error: Missing environment variable JWT_PRIVATE_KEY
at requireEnv (../../node_modules/.pnpm/@[email protected]_@[email protected][email protected]_@[email protected]_react_3576627dcd3bf058eace83fd92c5194e/node_modules/@convex-dev/auth/src/server/utils.ts:4:2)
at generateToken (../../node_modules/.pnpm/@[email protected]_@[email protected][email protected]_@[email protected]_react_3576627dcd3bf058eace83fd92c5194e/node_modules/@convex-dev/auth/src/server/implementation/tokens.ts:17:9)
at generateTokensForSession (../../node_modules/.pnpm/@[email protected]_@[email protected][email protected]_@[email protected]_react_3576627dcd3bf058eace83fd92c5194e/node_modules/@convex-dev/auth/src/server/implementation/sessions.ts:77:18)
at async maybeGenerateTokensForSession (../../node_modules/.pnpm/@[email protected]_@[email protected][email protected]_@[email protected]_react_3576627dcd3bf058eace83fd92c5194e/node_modules/@convex-dev/auth/src/server/implementation/sessions.ts:32:10)
at async signInImpl (../../node_modules/.pnpm/@[email protected]_@[email protected][email protected]_@[email protected]_react_3576627dcd3bf058eace83fd92c5194e/node_modules/@convex-dev/auth/src/server/implementation/mutations/signIn.ts:34:0)

Hi @ocean plume. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

The error message Missing environment variable JWT_PRIVATE_KEY means your Convex backend is missing the required JWT private key environment variable. This key is necessary for signing authentication tokens.

How to generate and set your JWT_PRIVATE_KEY:

1. Generate the key pair:

   • Create a file called generateKeys.mjs with the following content:

   import { exportJWK, exportPKCS8, generateKeyPair } from "jose";
    
   const keys = await generateKeyPair("RS256", { extractable: true });
   const privateKey = await exportPKCS8(keys.privateKey);
   const publicKey = await exportJWK(keys.publicKey);
   const jwks = JSON.stringify({ keys: [{ use: "sig", ...publicKey }] });
    
   process.stdout.write(
     `JWT_PRIVATE_KEY="${privateKey.trimEnd().replace(/\n/g, " ")}"`,
   );
   process.stdout.write("\n");
   process.stdout.write(`JWKS=${jwks}`);
   process.stdout.write("\n");
   

   • Run the script with Node.js:

     node generateKeys.mjs
     

   • This will output two environment variables: JWT_PRIVATE_KEY and JWKS.

2. Set the environment variables in Convex:

   • Go to your Convex dashboard deployment's Environment Variables page.
   • Add both JWT_PRIVATE_KEY and JWKS with the values output by the script (no extra quotes).
   • Make sure you do this for the correct deployment (dev or prod).

3. Restart your deployment if necessary.

For more details, see the manual setup guide: Convex Auth Manual Setup.

If you are deploying to production, make sure you set these variables in your production deployment as well, not just in your local .env files. The Convex backend does not read from your local .env files; it uses the environment variables set in the Convex dashboard or via the CLI (docs).

If you want to automate this, you can also use the Convex Auth setup script:

npx @convex-dev/auth --prod

This will help ensure all required environment variables are set for production deployments Sign in & sign up work on cloud dev, error on production.

Summary:
Generate your JWT_PRIVATE_KEY and JWKS, set them in your Convex deployment's environment variables, and the error should be resolved.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: